diff --git a/CHANGELOG.md b/CHANGELOG.md index 56e4b7f..21926b7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Added + +- Expose the `maxHealthyPercentage` property to allow setting the maximum percentage of healthy machines in the Auto Scaling Group during upgrades. + ## [2.23.0] - 2024-09-16 ### Changed diff --git a/helm/cluster-api-provider-aws/files/controlplane/patches/versions/v1beta1/awsmanagedcontrolplanes.controlplane.cluster.x-k8s.io.yaml b/helm/cluster-api-provider-aws/files/controlplane/patches/versions/v1beta1/awsmanagedcontrolplanes.controlplane.cluster.x-k8s.io.yaml index c2db455..96860a7 100644 --- a/helm/cluster-api-provider-aws/files/controlplane/patches/versions/v1beta1/awsmanagedcontrolplanes.controlplane.cluster.x-k8s.io.yaml +++ b/helm/cluster-api-provider-aws/files/controlplane/patches/versions/v1beta1/awsmanagedcontrolplanes.controlplane.cluster.x-k8s.io.yaml @@ -638,7 +638,10 @@ - resource-name type: string secondaryCidrBlocks: - description: SecondaryCidrBlocks are additional CIDR blocks to be associated when the provider creates a managed VPC. Defaults to none. Mutually exclusive with IPAMPool. This makes sense to use if, for example, you want to use a separate IP range for pods (e.g. Cilium ENI mode). + description: |- + SecondaryCidrBlocks are additional CIDR blocks to be associated when the provider creates a managed VPC. + Defaults to none. Mutually exclusive with IPAMPool. This makes sense to use if, for example, you want to use + a separate IP range for pods (e.g. Cilium ENI mode). items: description: VpcCidrBlock defines the CIDR block and settings to associate with the managed VPC. Currently, only IPv4 is supported. properties: 
diff --git a/helm/cluster-api-provider-aws/files/controlplane/patches/versions/v1beta2/awsmanagedcontrolplanes.controlplane.cluster.x-k8s.io.yaml b/helm/cluster-api-provider-aws/files/controlplane/patches/versions/v1beta2/awsmanagedcontrolplanes.controlplane.cluster.x-k8s.io.yaml index a265392..3917cfa 100644 --- a/helm/cluster-api-provider-aws/files/controlplane/patches/versions/v1beta2/awsmanagedcontrolplanes.controlplane.cluster.x-k8s.io.yaml +++ b/helm/cluster-api-provider-aws/files/controlplane/patches/versions/v1beta2/awsmanagedcontrolplanes.controlplane.cluster.x-k8s.io.yaml @@ -629,7 +629,10 @@ - resource-name type: string secondaryCidrBlocks: - description: SecondaryCidrBlocks are additional CIDR blocks to be associated when the provider creates a managed VPC. Defaults to none. Mutually exclusive with IPAMPool. This makes sense to use if, for example, you want to use a separate IP range for pods (e.g. Cilium ENI mode). + description: |- + SecondaryCidrBlocks are additional CIDR blocks to be associated when the provider creates a managed VPC. + Defaults to none. Mutually exclusive with IPAMPool. This makes sense to use if, for example, you want to use + a separate IP range for pods (e.g. Cilium ENI mode). items: description: VpcCidrBlock defines the CIDR block and settings to associate with the managed VPC. Currently, only IPv4 is supported. properties: diff --git a/helm/cluster-api-provider-aws/files/infrastructure/patches/versions/v1beta2/awsclusters.infrastructure.cluster.x-k8s.io.yaml b/helm/cluster-api-provider-aws/files/infrastructure/patches/versions/v1beta2/awsclusters.infrastructure.cluster.x-k8s.io.yaml index 4647ec3..0db315b 100644 --- a/helm/cluster-api-provider-aws/files/infrastructure/patches/versions/v1beta2/awsclusters.infrastructure.cluster.x-k8s.io.yaml +++ b/helm/cluster-api-provider-aws/files/infrastructure/patches/versions/v1beta2/awsclusters.infrastructure.cluster.x-k8s.io.yaml 
@@ -722,7 +722,10 @@ - resource-name type: string secondaryCidrBlocks: - description: SecondaryCidrBlocks are additional CIDR blocks to be associated when the provider creates a managed VPC. Defaults to none. Mutually exclusive with IPAMPool. This makes sense to use if, for example, you want to use a separate IP range for pods (e.g. Cilium ENI mode). + description: |- + SecondaryCidrBlocks are additional CIDR blocks to be associated when the provider creates a managed VPC. + Defaults to none. Mutually exclusive with IPAMPool. This makes sense to use if, for example, you want to use + a separate IP range for pods (e.g. Cilium ENI mode). items: description: VpcCidrBlock defines the CIDR block and settings to associate with the managed VPC. Currently, only IPv4 is supported. properties: diff --git a/helm/cluster-api-provider-aws/files/infrastructure/patches/versions/v1beta2/awsclustertemplates.infrastructure.cluster.x-k8s.io.yaml b/helm/cluster-api-provider-aws/files/infrastructure/patches/versions/v1beta2/awsclustertemplates.infrastructure.cluster.x-k8s.io.yaml index 1611692..b661f18 100644 --- a/helm/cluster-api-provider-aws/files/infrastructure/patches/versions/v1beta2/awsclustertemplates.infrastructure.cluster.x-k8s.io.yaml +++ b/helm/cluster-api-provider-aws/files/infrastructure/patches/versions/v1beta2/awsclustertemplates.infrastructure.cluster.x-k8s.io.yaml 
@@ -752,7 +752,10 @@ - resource-name type: string secondaryCidrBlocks: - description: SecondaryCidrBlocks are additional CIDR blocks to be associated when the provider creates a managed VPC. Defaults to none. Mutually exclusive with IPAMPool. This makes sense to use if, for example, you want to use a separate IP range for pods (e.g. Cilium ENI mode). + description: |- + SecondaryCidrBlocks are additional CIDR blocks to be associated when the provider creates a managed VPC. + Defaults to none. Mutually exclusive with IPAMPool. This makes sense to use if, for example, you want to use + a separate IP range for pods (e.g. Cilium ENI mode). items: description: VpcCidrBlock defines the CIDR block and settings to associate with the managed VPC. Currently, only IPv4 is supported. properties: diff --git a/helm/cluster-api-provider-aws/files/infrastructure/patches/versions/v1beta2/awsmachinepools.infrastructure.cluster.x-k8s.io.yaml b/helm/cluster-api-provider-aws/files/infrastructure/patches/versions/v1beta2/awsmachinepools.infrastructure.cluster.x-k8s.io.yaml index 62bf6da..b088930 100644 --- a/helm/cluster-api-provider-aws/files/infrastructure/patches/versions/v1beta2/awsmachinepools.infrastructure.cluster.x-k8s.io.yaml +++ b/helm/cluster-api-provider-aws/files/infrastructure/patches/versions/v1beta2/awsmachinepools.infrastructure.cluster.x-k8s.io.yaml 
@@ -210,14 +210,19 @@ description: Encrypted is whether the volume should be encrypted or not. type: boolean encryptionKey: - description: EncryptionKey is the KMS key to use to encrypt the volume. Can be either a KMS key ID or ARN. If Encrypted is set and this is omitted, the default AWS key will be used. The key must already exist and be accessible by the controller. + description: |- + EncryptionKey is the KMS key to use to encrypt the volume. Can be either a KMS key ID or ARN. + If Encrypted is set and this is omitted, the default AWS key will be used. + The key must already exist and be accessible by the controller. type: string iops: description: IOPS is the number of IOPS requested for the disk. Not applicable to all types. format: int64 type: integer size: - description: Size specifies size (in Gi) of the storage device. Must be greater than the image snapshot size or 8 (whichever is greater). + description: |- + Size specifies size (in Gi) of the storage device. + Must be greater than the image snapshot size or 8 (whichever is greater). format: int64 minimum: 8 type: integer 
@@ -324,6 +329,87 @@ ignition: description: Ignition defined options related to the bootstrapping systems where Ignition is used. properties: + proxy: + description: |- + Proxy defines proxy settings for Ignition. + Only valid for Ignition versions 3.1 and above. + properties: + httpProxy: + description: |- + HTTPProxy is the HTTP proxy to use for Ignition. + A single URL that specifies the proxy server to use for HTTP and HTTPS requests, + unless overridden by the HTTPSProxy or NoProxy options. + type: string + httpsProxy: + description: |- + HTTPSProxy is the HTTPS proxy to use for Ignition. + A single URL that specifies the proxy server to use for HTTPS requests, + unless overridden by the NoProxy option. + type: string + noProxy: + description: |- + NoProxy is the list of domains to not proxy for Ignition. + Specifies a list of strings to hosts that should be excluded from proxying. + + + Each value is represented by: + - An IP address prefix (1.2.3.4) + - An IP address prefix in CIDR notation (1.2.3.4/8) + - A domain name + - A domain name matches that name and all subdomains + - A domain name with a leading . matches subdomains only + - A special DNS label (*), indicates that no proxying should be done + + + An IP address prefix and domain name can also include a literal port number (1.2.3.4:80). + items: + description: IgnitionNoProxy defines the list of domains to not proxy for Ignition. + maxLength: 2048 + type: string + maxItems: 64 + type: array + type: object + storageType: + default: ClusterObjectStore + description: |- + StorageType defines how to store the boostrap user data for Ignition. + This can be used to instruct Ignition from where to fetch the user data to bootstrap an instance. + + + When omitted, the storage option will default to ClusterObjectStore. 
+ + + When set to "ClusterObjectStore", if the capability is available and a Cluster ObjectStore configuration + is correctly provided in the Cluster object (under .spec.s3Bucket), + an object store will be used to store bootstrap user data. + + + When set to "UnencryptedUserData", EC2 Instance User Data will be used to store the machine bootstrap user data, unencrypted. + This option is considered less secure than others as user data may contain sensitive informations (keys, certificates, etc.) + and users with ec2:DescribeInstances permission or users running pods + that can access the ec2 metadata service have access to this sensitive information. + So this is only to be used at ones own risk, and only when other more secure options are not viable. + enum: + - ClusterObjectStore + - UnencryptedUserData + type: string + tls: + description: |- + TLS defines TLS settings for Ignition. + Only valid for Ignition versions 3.1 and above. + properties: + certificateAuthorities: + description: |- + CASources defines the list of certificate authorities to use for Ignition. + The value is the certificate bundle (in PEM format). The bundle can contain multiple concatenated certificates. + Supported schemes are http, https, tftp, s3, arn, gs, and `data` (RFC 2397) URL scheme. + items: + description: IgnitionCASource defines the source of the certificate authority to use for Ignition. + maxLength: 65536 + type: string + maxItems: 64 + type: array + type: object version: default: "2.3" description: Version defines which version of Ignition will be used to generate bootstrap data. 
@@ -417,6 +503,18 @@ The default is to use the value for the health check grace period defined for the group. format: int64 type: integer + maxHealthyPercentage: + description: |- + The amount of capacity as a percentage in ASG that can be in service and healthy, or pending, + to support your workload when replacing instances. + The value is expressed as a percentage of the desired capacity of the ASG. Value range is 100 to 200. + If you specify MaxHealthyPercentage , you must also specify MinHealthyPercentage , and the difference between + them cannot be greater than 100. + A larger range increases the number of instances that can be replaced at the same time. + format: int64 + maximum: 200 + minimum: 100 + type: integer minHealthyPercentage: description: |- The amount of capacity as a percentage in ASG that must remain healthy diff --git a/helm/cluster-api-provider-aws/files/infrastructure/patches/versions/v1beta2/awsmanagedmachinepools.infrastructure.cluster.x-k8s.io.yaml b/helm/cluster-api-provider-aws/files/infrastructure/patches/versions/v1beta2/awsmanagedmachinepools.infrastructure.cluster.x-k8s.io.yaml index 90500dd..5855433 100644 --- a/helm/cluster-api-provider-aws/files/infrastructure/patches/versions/v1beta2/awsmanagedmachinepools.infrastructure.cluster.x-k8s.io.yaml +++ b/helm/cluster-api-provider-aws/files/infrastructure/patches/versions/v1beta2/awsmanagedmachinepools.infrastructure.cluster.x-k8s.io.yaml 
@@ -231,14 +231,19 @@ description: Encrypted is whether the volume should be encrypted or not. type: boolean encryptionKey: - description: EncryptionKey is the KMS key to use to encrypt the volume. Can be either a KMS key ID or ARN. If Encrypted is set and this is omitted, the default AWS key will be used. The key must already exist and be accessible by the controller. + description: |- + EncryptionKey is the KMS key to use to encrypt the volume. Can be either a KMS key ID or ARN. + If Encrypted is set and this is omitted, the default AWS key will be used. + The key must already exist and be accessible by the controller. type: string iops: description: IOPS is the number of IOPS requested for the disk. Not applicable to all types. format: int64 type: integer size: - description: Size specifies size (in Gi) of the storage device. Must be greater than the image snapshot size or 8 (whichever is greater). + description: |- + Size specifies size (in Gi) of the storage device. + Must be greater than the image snapshot size or 8 (whichever is greater). format: int64 minimum: 8 type: integer diff --git a/helm/cluster-api-provider-aws/values.yaml b/helm/cluster-api-provider-aws/values.yaml index ae2f7bc..5de7c82 100644 --- a/helm/cluster-api-provider-aws/values.yaml +++ b/helm/cluster-api-provider-aws/values.yaml 
@@ -11,7 +11,8 @@ name: cluster-api-provider-aws # * add non root volumes to AWSMachinePools (https://github.com/giantswarm/cluster-api-provider-aws/pull/607/commits/ab0528f4b80ed36fd7b508c4137ee09d41fefa8c) # * support adding custom secondary VPC CIDR blocks in `AWSCluster` (https://github.com/giantswarm/cluster-api-provider-aws/pull/607/commits/ae00674b1ed47e0e939f44d4712507839df97106) # * S3 user data support for AWSMachinePools (https://github.com/giantswarm/cluster-api-provider-aws/pull/607/commits/905c44ab2afde5e2d4e983066ab9856859a0de47) -tag: v2.5.2-gs-11cb106a4 +# * Support setting maxHealthyPercentage to configure ASG instance refresh (https://github.com/giantswarm/cluster-api-provider-aws/commit/65159d8609a24802a34800b0c054a4b788a03d6d) +tag: v2.5.2-gs-65159d860 registry: domain: gsoci.azurecr.io
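Review bot: The `### Added` entry in the CHANGELOG.md hunk lists only `maxHealthyPercentage`, but the awsmachinepools CRD patch in this same diff also newly exposes `ignition.proxy`, `ignition.storageType` and `ignition.tls`. Add a changelog line for those fields. `storageType` in particular accepts `UnencryptedUserData`, which the schema itself describes as less secure, and operators should learn about that from the release notes rather than from reading the CRD.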
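Review bot: In the awsmachinepools hunk at `@@ -324,6 +329,87 @@`, the `storageType` enum accepts `UnencryptedUserData`, and nothing in the schema restricts who may set it, even though the description says user data may contain keys and certificates readable by users with `ec2:DescribeInstances` or by pods that can reach the EC2 metadata service. Keeping `default: ClusterObjectStore` is right; consider documenting in the chart how to reject the other value with an admission policy, and note that pod access to the metadata service should be blocked wherever it has to be used. Separately, `tls.certificateAuthorities` lists `http` and `tftp` among the supported schemes, so a CA bundle can be fetched over an unauthenticated channel; the description should say that `https`, `s3` or `data` are preferable. Minor, for the upstream text: the description calls the field `CASources` while the key is `certificateAuthorities`, and it contains the typos "boostrap", "informations" and "ones own risk".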
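Review bot: In the awsmachinepools hunk at `@@ -417,6 +503,18 @@`, `maxHealthyPercentage` is constrained only by `minimum: 100` and `maximum: 200`; the two rules stated in its description (that `minHealthyPercentage` must also be set, and that the difference between the two cannot be greater than 100) have no counterpart in the schema lines shown. Unless a validating webhook outside this diff checks them, an invalid pair passes admission. Either add an `x-kubernetes-validations` rule on the parent object that covers both conditions, or confirm in the PR description where they are enforced. Also, the description has stray spaces before the commas in "MaxHealthyPercentage ," and "MinHealthyPercentage ,".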
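Review bot: In the values.yaml hunk, the new comment line links a bare commit (`/commit/65159d86...`) while the entries above it link commits inside a pull request (`/pull/607/commits/...`); link the PR that carried this change if one exists, so every fork patch in the list can be traced to a review. The new tag suffix `65159d860` does match the linked commit hash. The comment list should also say whether the Ignition `proxy`, `tls` and `storageType` fields that appear in the CRD patch come from this fork commit or from elsewhere, since the list is the only record of what the `-gs-` image adds.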